A study of factors in HIPAA non-compliant behavior

Joana Gaia; Xunyi Wang; Jennifer Basile; G. L. Sanders; David Murray

A study of factors in HIPAA non-compliant behavior

Joana Gaia
, Xunyi Wang
, Jennifer Basile
, G. L. Sanders
, David Murray

Management Science and Systems

SUNY Buffalo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat, because they have access to systems, administrative privileges and skills to disclose health information for monetary benefit. This study uses economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenario-based survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rate high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed.

Original language	English
Title of host publication	Americas Conference on Information Systems 2018
Subtitle of host publication	Digital Disruption, AMCIS 2018
Publisher	Association for Information Systems
ISBN (Print)	9780996683166
State	Published - 2018
Event	24th Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018 - New Orleans, United States Duration: Aug 16 2018 → Aug 18 2018

Publication series

Name	Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018

Conference

Conference	24th Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018
Country/Territory	United States
City	New Orleans
Period	08/16/18 → 08/18/18

Keywords

HIPAA
Incentive
Narcicism
Non-compliance
Risk aversion

Cite this

@inproceedings{6c6e4185fe5642bcbfc6b14f25212709,

title = "A study of factors in HIPAA non-compliant behavior",

abstract = "The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat, because they have access to systems, administrative privileges and skills to disclose health information for monetary benefit. This study uses economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenario-based survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rate high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed.",

keywords = "HIPAA, Incentive, Narcicism, Non-compliance, Risk aversion",

author = "Joana Gaia and Xunyi Wang and Jennifer Basile and Sanders, \{G. L.\} and David Murray",

note = "Publisher Copyright: {\textcopyright} 2018 Association for Information Systems. All rights reserved.; 24th Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018 ; Conference date: 16-08-2018 Through 18-08-2018",

year = "2018",

language = "English",

isbn = "9780996683166",

series = "Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018",

publisher = "Association for Information Systems",

booktitle = "Americas Conference on Information Systems 2018",

address = "United States",

}

Gaia, J, Wang, X, Basile, J, Sanders, GL & Murray, D 2018, A study of factors in HIPAA non-compliant behavior. in Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018. Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018, Association for Information Systems, 24th Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018, New Orleans, United States, 08/16/18.

A study of factors in HIPAA non-compliant behavior. / Gaia, Joana; Wang, Xunyi; Basile, Jennifer et al.
Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018. Association for Information Systems, 2018. (Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A study of factors in HIPAA non-compliant behavior

AU - Gaia, Joana

AU - Wang, Xunyi

AU - Basile, Jennifer

AU - Sanders, G. L.

AU - Murray, David

PY - 2018

Y1 - 2018

N2 - The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat, because they have access to systems, administrative privileges and skills to disclose health information for monetary benefit. This study uses economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenario-based survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rate high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed.

AB - The 1996 Health Insurance Portability and Accountability Act (HIPAA) implemented safeguards to regulate the use and disclosure of personal health information. Even though the number of data breaches has declined, the number of affected individuals and total losses have increased. Trusted insiders are an emerging threat, because they have access to systems, administrative privileges and skills to disclose health information for monetary benefit. This study uses economics of crime literature and expected utility theory to model the relationships between risk aversion, risk perception, HIPAA knowledge and intention of violating HIPAA. We also examine the influence of gender and narcissism on risk aversion. A scenario-based survey design was used to examine the structural model. We find risk-aversion and HIPAA knowledge increase the perception of getting caught. This will in turn, affect the incentive amounts required to violate HIPAA regulations. Females are found to be more risk-averse than males. Interestingly, individuals rate high on the narcissism scale are more risk-averse. Contributions to the extant economics of crime and risk bodies of literature as well as practical implications are discussed.

KW - HIPAA

KW - Incentive

KW - Narcicism

KW - Non-compliance

KW - Risk aversion

UR - https://www.scopus.com/pages/publications/85054256663

M3 - Conference contribution

AN - SCOPUS:85054256663

SN - 9780996683166

T3 - Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018

BT - Americas Conference on Information Systems 2018

PB - Association for Information Systems

T2 - 24th Americas Conference on Information Systems 2018: Digital Disruption, AMCIS 2018

Y2 - 16 August 2018 through 18 August 2018

ER -

A study of factors in HIPAA non-compliant behavior

Abstract

Publication series

Conference

Keywords

Other files and links

Fingerprint

Cite this